Mercurial > prosody-modules
view mod_http_oauth2/README.markdown @ 5285:8e1f1eb00b58
mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!)
Problem:
This was causing the key to become "<token>--cur" instead of the expected
"<token>-cur". As the same key was used by the code to both set and get, it
still worked.
Rationale for change:
Although it worked, it's unintended, inconsistent and messy. It increases the
chances of future bugs due to the unexpected format.
Side-effects of change:
Existing '--cur' entries will not be checked after this change, and therefore
existing FAST clients will fail to authenticate until they attempt password
auth and obtain a new FAST token.
Existing '--cur' entries in storage will not be cleaned up by this commit, but
this is considered a minor issue, and okay for the relatively few FAST
deployments.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 29 Mar 2023 16:12:15 +0100 |
| parents | 3235b8bd1e55 |
| children | 80ecba092027 |
line wrap: on
line source
--- labels: - Stage-Alpha summary: 'OAuth2 API' rockspec: build: copy_directories: - html ... Introduction ============ This module is a work-in-progress intended for developers only! Configuration ============= Dynamic client registration enabled by configuring a JWT key. Algorithm defaults to *HS256*. ```lua oauth2_registration_key = "securely generated JWT key here" oauth2_registration_algorithm = "HS256" oauth2_registration_options = { default_ttl = 60 * 60 * 24 * 90 } ``` Various flows can be disabled and enabled with `allowed_oauth2_grant_types` and `allowed_oauth2_response_types`: ```lua allowed_oauth2_grant_types = { "authorization_code"; -- authorization code grant "password"; -- resource owner password grant } allowed_oauth2_response_types = { "code"; -- authorization code flow -- "token"; -- implicit flow disabled by default } ``` Compatibility ============= Requires Prosody 0.12+ or trunk.